AuthentificationSecuritySecurity Management

Mozilla Highlights Insecure HTTP Websites In Firefox 51

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Follow on:
Google + Linkedin Subscribe to our newsletter Write a comment

Unsecured websites will display a lock with a red strike through it

Mozilla is taking a strong stance against unsecured websites, highlighting those that do not provide secure connections through authentication and encryption between its Firefox browser and web servers.

With Firefox 51, the browse will highlight websites that do not use HTTPS, the secure variant of the HTTP protocol, by displaying a grey lock with a rest diagonal line through it and a message noting the website is not secure. Conversely, sites that use HTTPS will display a green lock.

Highlighting HTTP

httpsMozilla is keen to push web developers into adopting HTTPS rather than leave them to move to the secure protocol at a leisurely pace, given how unsecured sites and web portal are easily and often exploited by hackers and cyber criminals.

“To keep users safe online, we would like to see all developers use HTTPS for their websites. Using HTTPS is now easier than ever. Amazing progress in HTTPS adoption has been made, with a substantial portion of web traffic now secured by HTTPS,” the company said.

“In upcoming releases, Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS.  That message will show the same grey lock icon with red strike-through, accompanied by a similar message, ‘This connection is not secure. Logins entered here could be compromised.’

“As our plans evolve, we will continue to post updates but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS.”

HTTPS is not exactly a new protocol but there are still plenty of websites that have not adopted it, which has prompted the likes of Google to take action to effectively shame websites without HTTPS from January onwards.

Without the protocol, there is a risk that nefarious actors could snoop on a users unencrypted data and modify a website before a visitor gets to it, potentially resulting in data theft.

However, adoption of HTTPS is gathering pace with WordPress rolling out free HTTPS encryption to all the custom domains it hosts.

Are you a security pro? Try our quiz!